The use of routers with a NAT (Network Address Translation) feature can interfere in accessing an internal network from an external network. This can be a particular problem for peer-to-peer applications such as voice communication over the Internet (known as VoIP) and/or online gaming, etc. NAT is an Internet standard that enables a local area network (LAN) to use of one set of private IP addresses for internal traffic and a second set of global IP addresses for external traffic. A node that has NAT capability is often referred as “NAT box”.
A NAT (literally) translates network (IP) address between the two networks. Network Address Port Translation (NAPT) translates not only IP address but also port numbers of a transport layer protocol. Although NAT/NAPT has its good properties, there is a significant side effect. If the translation is performed dynamically, nodes in the external network have no way to know the IP address (and the port number) on the NAT ahead of time to reach a node in the internal network. Unfortunately, this is the most common behavior of NAT in the residential and SOHO routers deployed in the current market.
A NAT can generally be categorized as being Full Cone, Restricted Cone, Port Restricted Cone or Symmetric. A full cone NAT maps all requests from the same internal IP address and port to the same external IP address and port. Furthermore, any external host can send a packet to the internal host through a full cone NAT by sending a packet to the mapped external address. In a restricted cone NAT all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host with IP address X can send a packet to the internal host only if the internal host had previously sent a packet to IP address X. A port restricted cone NAT is like a restricted cone NAT, but the restriction also includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P.
In a symmetric NAT all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host. The symmetric NAT tends to be the most problematic type of NAT to traverse. One technique for symmetric NAT traversal is known as “port prediction”, which is described in detail in US Patent Application publication 20070076729A1, which is incorporated herein by reference. In this type of symmetric NAT traversal, a first node is behind a first NAT that is symmetric and a second node that is behind a second NAT. The first node constructs a list of predicted transport addresses on the first NAT and sends a message containing the list of predicted transport addresses to the second node. A connectivity check is performed with the second node using the predicted transport addresses.
It has been estimated that 18% of NATs are Symmetric and a connection failure rate of more than 10% is anticipated without port prediction. Some applications involving NAT traversal may require up to 64 simultaneous connections. It is not clear whether port prediction can reliably work for such applications.
It is within this context that embodiments of the present invention arise.